Indications
[1]
are that the Commerce Committee of the US House of
Representatives is likely to vote in favor of unprecedented
restrictions on Americans' right to be left alone. The so-called Oxley
amendment
[2]
to the SAFE bill, which started out attempting to
ease encryption export rules, would require Internet technology to
enable immediate access to plaintext for any Net message, without
notification to the sender.

This ZDNet coverage
[3]
gives an introduction of some of the
technical objections raised last week to the Oxley amendment. Here are
some more recent ones.

Voices from England
[4],
[5] and Europe
[6] refuted this
approach to encryption. An article in Communications Week
International
[6]
claims that the European Commission will refuse
to endorse key recovery in a report to be issued on 1997-10-01.

28 law professors detailed
[7] why the proposed law would be
unconstitutional.

65 companies and organizations signed a letter
[8] to the House
Commerce Committee opposing Oxley or any similar legislation.

The Congressional Budget Office issued an analysis
[9] of the
costs of a key-recovery infrastructure; the top estimate was $2
billion per year. CBO requested expert input into its estimates
(thanks to Rodney Thayer <rodney at sabletech dot com> for the first
word on this). Here is some of what the CBO got.

William Allen Simpson estimated that Oxley would slow all data
transmission on the Internet by 3 to 8 times, and in addition
would require the construction of a secure infrastructure as
large again as today's Internet for the transmission and
storage of users' keys.

Perry Metzger noted: "The cost to industry of implementing
[Oxley] and... to the government of running it is only the tip
of the iceberg. The cost to the economy [of] criminal activity
that cryptography would normally stop cannot possibly be
estimated."

The last word goes to cryptographer Bruce Schneier: "Law
enforcement needs to deal with technology. So, no more wiretaps.
Big deal. [FBI Director] Freeh needs to deal with that fact."

Apex Global Internet Services Inc. had tried unilaterally to work
a truce in the spam wars -- it hosted spammers, including the most
notorious of them all, Sanford Wallace's Cyber Promotions, while
sponsoring a trade association of "responsible" spammers: the
Internet E-Mail Marketing Council. Last Wednewday the ISP kicked
them all out [11],
[12].
It shut down the accounts of three spam
companies and ejected the IEMMC representstive from his office on
the AGIS site. The reasons for the ouster are not clear but may
involve protacted ping-flood attacks directed against CyberPromo.
(Wallace claims that AGIS stopped blocking ping floods a week
before.) This handy page
[13] from
Randy Benn keeps up-to-date with news accounts from the spam wars.

For the first time since the launch of HotBot, a new player in the
search-engine game bids to index the entire Web. Northern Light
[14],
a startup in Cambridge, MA, introduces a new technique -- folders
generated on the fly -- to organize and present search results. The
company offers searches of off-Web content such as journals,
magazines, how-to guides, and reference works. Searching the "Special
Collections" is free for now but the company will soon start charging;
Web searches will remain free. Wired gives a good summary
[15]
of Northern Light's story.

The Autumn 1997 number of the World Wide Web Journal
[16] will be
a special issue on XML. One of its articles is available on the Web
now in pre-copyright form
[17]. If you don't know about XML, an
evolutionary development from the tradition of SGML and HTML, you
probably should; you'll find a graceful introduction in "The Evolution
of Web Documents: The Ascent of XML," by Dan Connolly, Rohit Khare,
and Adam Rifkin
[17].

PC Week notes
[18]
the appearance of a new utility that can reveal
passwords stored in the Windows 95 password list on a local machine.
The tool is called Revelation
[19],
and it's a free download from
SnadBoy Software. The utility does not rely on decryption; it simply
grabs and displays data from a Windows 95 software buffer. SnadBoy
positions Revelation as a convenience tool for those who have
forgotten a password that they asked Windows 95 to remember for them.
Its potential for abuse is scary, but fortuately Revelation can't be
used over a network; it must be run from the keyboard attached to a
local machine.

Note added 1997-09-24:
A reader points out that this download is 1.23 MB, not 15 KB as stated
in the email edition.

Data Art registered at least 256 such names in the first week in
August. Perhaps they intend to sell the names to people who want to
benefit from "accidental" advertising; meanwhile Data Art is using
the names themselves to this end. Visit a plausible URL constructed
from any of the names and you get an advertisement and an invitation
to contact the company. (The HTML title of each such page is "typo.")

Daniel Bernstein, the professor who recently won a narrow ruling
[21]
in his challenge
[22]
to US cryptography export restrictions,
acquired a new email address courtesy of the Tonga registry
[23].
Robert Harley <Robert.Harley at inria dot fr> received a message from
Bernstein at his new address and gave public voice to the severe
case of email envy inspired by

At a recent Microsoft developers' conference in Paris the topic
turned to Java. Microsoft spokesmen began disparaging the
Sun-developed cross-platform language and talking up the Microsoft
alternatives. To the presenters' astonishment, the audience of 1200
developers disrupted the presentation with boos and calls of "Go
Java": Allez Java! They began walking out of the room -- first in a trickle and
then in a flood. At the end only 50 remained in the audience. This
account [24]
of the debacle, penned by an unnamed attendee (a Sun employee),
was forwarded by Keith Bostic .

Note added 1997-09-25:
It looks as if this account is exaggerated. At the request of a reader,
the IDG international news service spoke to developers who attended the
Paris conference and
came away with this summary of the affair: "A few people booed (the Sun
author being one of them) and a few people left." Thanks to
Mark Gibbs <mgibbs at gibbs dot com> for the correction. The IDG
article is now online a
[23a].